We found a way in... (https://lemmy.world/post/7029429)
It seems that in key-slot 1 of each of the two LUKS containers, that key is translated from the recovery key into a translated hex key, that is stored within key-slot 1 of each of the containers.
https://<email address hidden> came up with a Go script: https://pastebin.com/WdFNRb7C
Derived from this post at the Forums of snapcraft: https://forum.snapcraft.io/t/uc20-fde-boot-flow/27895/13
Which uses the original ParseRecoveryKey(): https://github.com/snapcore/secboot/blob/master/crypt.go
I had him modify the script to create a key.out key-file, as during my tests, it was found to be in raw hex format.
Using that key-file, I can unlock the LUKS containers, and add new keys to them. So now, there is a work-around to be able to add new passphrases, and be able to re-enroll a TPM with this type of failure.